Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

tsu doh nimh writes "You may have never heard of youhavedownloaded.com, but if you recently grabbed movies, music or software from online file-trading networks, chances are decent that the site has heard of you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site, indexed by your Internet address. So far, youhavedownloaded.com has recorded more than 50 million unique Internet addresses belonging to file-sharing users. The site is searchable by file name and by Internet address. When you visit, it automatically checks and lets you know if your Internet address is in the database."

Whether they are recording file-share IPs from torrent downloads or not would be beside the point. The people who are visiting this site would be people who do file-share and my be concerned they'll be sued.

Visiting the site will confirm they're on the list and they'll be "scared straight".

I also visited the site, out of a particular curiosity. It said my permanent IP address was not in their database.

I'm not sure how to interpret this - I have used torrents, but only for Linux ISOs (a few flavors of Ubuntu and PCLinuxOS). However, the site does not appear to restrict itself to torrents of questionable legality, but apparently encompasses all file sharing, including the legal sharing of GPL and CC works. If you enter "Ubuntu" in their search box, it will return a number of ISO links along

That's because linux is free and therefor deprives an honest company of it's god given right to profit.Why would you freely admit to such unethical behavior, how can you be so proud of stealing caviar from the mouths of CEOs? You monster!

It looks like they scrape popular torrent sites like TPB and then list every address in the swarm. Problem one is that legal torrents are on there too, and problem two is that trackers list fake random IP addresses to make the data unreliable in court.

My home IP address is listed with torrents I never touched, and so is my mobile one. That is despite that fact that Vodafone blocks BitTorrent and I have never used it on my 1GB/month plan.

The whole site is a troll, clearly they either don't understand the data they are collecting or they are deliberately misrepresenting it.

Not every Win PC (like my gaming rig for example) is automatically compromised and infected with bots. While it is possible, I see it as rather unlikely, since I have enough expertise to prevent anything that is not specifically target at me.

Much more reasonable assumption is that a) I didn't notice recent IP shuffle b) Database is randomly generated c) Database is not randomly generated, but might as well be due to methodology flaws.

It depends on your set up. I typically have the same IP address for long periods of time because the ISP doesn't reassign them unless you've gone offline for a period of time. If I turned it off and back on I might get a new IP, but as long as the connection is there consistently they don't bother handing out a new IP.

I had a crappy ISP DSL modem which I ultimately replaced with a TP-Link 8816, quite nice and fairly inexpensive. I've had far fewer connection problems since it automatically dials in when it loses its connection without my having to intervene.

According to a comment someone left on the site, they apparently had records for the IP address 192.168.1.1 which have since been removed. So their data collection process is probably busted. (They probably got caught in the usual trap of assuming that trackers provide an accurate list of peers, or worse still assuming that DHT does.)

The best part is, the site wants you to log in using facebook to "prove you're human" - that way they can pin an IP address to an actual name and email address. If you don't use the facebook link, they provide something like a 26 letter long captcha (which as far as I can tell, will never let you in, thus forcing you to log in via facebook if you want to view the site). This site sounds like an extreme scam.

Well, at least we know how they're monetizing this admittedly slick database; they won't allow you to submit a removal request until you provide your facebook credentials. To even reach the text below, you need to unblock Facebook in NoScript:______Removal Request

What’s the matter? You’re brave enough to steal music, movies and programs but only because you thought you weren’t going to get caught? Well whoever told you that was completely wrong and now your information has gone public. Are you afraid of media companies finding out that you’re a pirate or are you afraid of your friends finding out exactly what you’ve been downloading? Whatever your reason may be, the internet is no place for secrets. Even if you use every precaution in the book, there’s always a chance that someone like us will figure out what you’ve been up to. Because, the reality is, if man made it...man will get around it...and man will figure out how to exploit it. It’s just human nature.

Anyway, like we said before, luck is on your side today because we’re actually nicer than we let on. I never said we wouldn’t bust your chops about it, but at least we’re offering you a chance to redeem yourself — The details can be found after logging in to your Facebook account.

I know this is Slashdot and most people get it, but for those who don't -- this looks like a form of phishing to get your Facebook password. I'm not a security expert but I imagine they are using a man-in-the-middle attack to log your password while you log in.

Yep (AC here - sorry!) Both myself and my neighbors (we share a connection) are pretty heavy BT users (we use Azureus or "Vuze Classic") and the IP didn't show up anything. We've had the same IP for at least 18 months. Either they're inflating their numbers drastically (who says they aren't lying horribly? This is the MPAA/RIAA after all) or only using encrypted trackers seems to have some effect.

Uh, that's how it's always been, ever since 2001 or so. I've tweaked the hell out of my account settings over the years, and when they did that awful 2.0 update earlier this year I think (when the option later became available) I set the discussion style to "Classic Discussion System (D1)", which may allow that option. But I guess that's the pitfall of posting without a net!

And then browse at a threshold at +3, Threaded, Oldest First, Index Spill 600 and Reparent Highly Rated Comments as "True". Also helps if you have a healthy friends/foes list. Anybody willing to stick their neck out as an expert in a particular field and making a particularly informative post usually gets an add.

"When you visit, it automatically checks and lets you know if your Internet address is in the database."

Except most people don't have a fixed IP reserved for them. Does that mean I'm going to get the "warning" because someone else on my ISP downloaded content? (Yes.)

Nevertheless, it's an interesting tool, but this information is probably useless since you still need to contact the ISP in order to know who actually was using that IP in that given time frame.Also, keep in mind that this site currently only di

... by Tor. I regularly download torrents from behind a draconian campus proxy using Tor. (Yes, I know, the Tor guys don't want us running torrents with it. But I'm too lazy to go looking for other solutions.) I'm "in the clear.":P

And if they track any IP address from Switzerland, they are breaking the Swiss data protection laws and can be sued for damages for collecting the IP and breach of privacy.

See http://arstechnica.com/tech-policy/news/2010/09/switzerland-gathering-ip-addresses-from-bittorrent-sites-illegal.ars

What happened to another IP slurper..."But Switzerland, which is not an EU member, has decided that it can't sanction Logistep's behavior. The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.

In a press release issued yesterday, Thür praised the court's decision. He sees Logistep as trying to "assume tasks clearly in the State's domain." Only the state can violate personal privacy, and only when pursuing criminal cases."

The privacy policy, the contact us page — it’s all a joke. We came up with the idea of building a crawler like this and keeping the maintenance price under $300 a month. There was only one way to prove our theory worked — to implement it in practice. So we did. Now, we find ourselves with a big crawler. We knew what it did but we didn’t know how to use it. So we decided to make a joke out of it. That’s the beauty of jokes — you can make them out of anything.

I'm on ADSL. My IP address changes every few hours. Meaning I've got the 'same' IP as about 20 million other people. I foresaw this kind of crap a long time ago, so much so that I have a script that logs my public IP every minute in case sometimes comes knocking at the door. At least I can have a lawyer show the log. For what it's worth.

It would take me less than an hour to write a.torrent file crawler and a modified bittorrent client that kept on connecting to different trackers and requesting different torrents. I'm sure there are hundreds of code gurus on/. that could do this trivial task in half the time.

Dear courts and judges:
Connecting to a tracker != copyright infringement
Requesting a block from a peer != copyright infringement (for all we know the ISP could've used DPI to drop that packet)
Applying for a search warrant, get

Technically, downloading something copyrighted isn't copyright infringement either (assuming that private use copying is exempt from infringement, which is often the case), but it's a much harder case to make if (or when) one happens to already realize that what they are copying from is already infringing before they even copied it (because the copy at the other end being made publicly available would void any otherwise claimed notion of private use, and so if the person who is sharing did not otherwise hav

They mean the IP address of my gateway, not *MY* IP address. Even then, it's not *MINE*, it comes from a pool of IPs handed out by my ISP's DHCP server and it changes periodically. The address assigned my gateway today could have been last used by the Disney Princess Bootleg Video Mafia, and I'd be a little offended if I found that I was being impugned as a distributor of low-brow animated bastardizations of classic fairy tales. Doubly so if some numb-nuts from Disney's legal department gets all uppity and

Interesting, website says that I have downloaded shows when in fact I never touch pirate torrents. So ether someone spoofing my IP or neighbors somehow got past MAC filtering and authentication.
I am fairly sure my provider did not shuffle my IP address, but then I don't keep track of this. Should I, in case *AA comes knocking on my door?

... And that's assuming their dynamic IP was even theirs at the noted time.
Most people who download torrents on a regular basis disable DHT - and since their method of finding information is via DHT, then disabling BHT lowers any chance of showing in their lists to zero.

This means you are using a private torrent tracker or, of course, you may not be a torrent user at all! It happens.

Given all the TV shows I've downloaded over the years both current and old, I suspect this site really doesn't do much if you're not downloading torrents from "big names" like The Pirate Bay. With their grotesque lack of accuracy in their date, I do hope that anybody sued as a result of the information they do collect is wise enough to fight and question the v

I sort of tire of the ol' Slashdot jumping to conclusions but here's how it works:

1. They visit public tracker websites.
2. They query the tracker for a list of peers given a torrent hash (not difficult)
3. Dump all data into the database that can be searched through their website

That means your data is not on there if you're a torrent user because you're using a tracker they aren't indexing or you have a dynamic ip that they haven't categorized yet. In the same way this is why you can get false positives. All this B.S. about honey pots or fear mongering is dumb considering how straight forward this website is.

But they clearly want people very badly to sign in with their facebook accounts. First they're scaring people to sign in by promising removal from their database. If you visit the site again they provide you with a choice - an impossible (!) captcha or facebook. It's social hacking.

First off - don't let them scare you. Copyright holders has all the info anyway. Second, don't ever give away your facebook credentials to a third party that you don't trust. Third, don't trust these people.

At the time of writing this comment, they have implimented a facebook-login in order to see your list. I attempted to use their captcha device instead, because I hate facebook (which was somewhere around 20 characters long, case sensitive). I tried to enter the captcha about 15 times using different images and each time it told me I was wrong. I don't believe it is possible to login by their captcha and they are mandating the facebook.com login.
I suspect this website might be a trap / facebook scraper. Earlier in the day I was able to see 'my results' which were incorrect.

Ditto. This thing pegged me as downloading something from "Lil Wayne" while not correctly identifying the things that I have actually torrented. Although I usually stay away from stuff that RIAA or MPAA have any jurisdiction over.

So they aren't going to publically shame me over downloading Centos? I'm so dissapointed.

I'm with you on that. I was disappointed when I went there and they didn't list all the linux distro's I'm constantly seeding.
I do find it funny though, they do list Pioneer One [pioneerone.tv]. That's right, shame on me for sharing a TV show that was made to be shared.
lol.

I'm with you on that. I was disappointed when I went there and they didn't list all the linux distro's I'm constantly seeding.
I do find it funny though, they do list Pioneer One [pioneerone.tv]. That's right, shame on me for sharing a TV show that was made to be shared.
lol.

I didn't think the site was about shaming; reading some of the links on the site (the privacy policy is somewhat amusing) they say they had the idea as a proof of concept, and implemented it to see if it would work, and thought they may as well make it accessible.

I checked the other day when I first saw this, and just now. They didn't have anything for me, even though I have also been sharing the Pioneer One show, and a load of stuff from Jamendo.